package security.core.filter.handler.impl;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import security.core.filter.handler.PrivilegeProcessHandler;
import security.core.manager.PrivilegeManager;
import security.core.source.UserDetail;
import security.debug.RBACLogger;

public class RBACPrivilegeProcessHandler implements PrivilegeProcessHandler {

	@Override
	public void process(ServletRequest request, ServletResponse response,
			PrivilegeManager privilegeManager) throws IOException,
			ServletException {
		// TODO Auto-generated method stub
		if (RBACLogger.debug()) {
			RBACLogger.log("RBACPrivilegeProcessHandler#process is called!");
		}
		HttpSession session = ((HttpServletRequest)request).getSession();
		UserDetail user = (UserDetail) session.getAttribute("RBAC_USER_DETAIL");
		if (!privilegeManager.isAuthorizedRequest(user, ((HttpServletRequest)request).getRequestURI().toString())) {
			System.out.println("authorize fail");
			((HttpServletResponse)response).sendRedirect(privilegeManager.getAccessDeniedPage());
		}
	}

}
